HTTP being exposed via UPNP

imilne
Posts: 13
Joined: 31 May 2023, 05:50

Post by imilne »

Got an F4-423 a few days ago (first one I received ate its internal USB boot drive - please can you just make a workable flash image available for fixing that), and I've since noticed with its replacement that it's exposing the following via upnp:

TCP:5443:192.168.0.98:5443:1686088691:http_ssl
TCP:8181:192.168.0.98:8181:1686088691:http
TCP:26619:192.168.0.98:32400:1686088941:Plex Media Server

PLEX is expected, but what the hell is it doing opening up http(s) access to its UI to the entire internet!?

Thankfully my router runs miniupnp and has the ability to ignore upnp requests from specific IP addresses, and setting up a manual forward for PLEX sorts that, but my god Terramaster you need to get this sorted. There's nowhere in the UI that I can see that it either claims it's going to do this, or where you could even enable the option.

TOS version is 5.1.34.00007
Gremlin
Posts: 433
Joined: 02 Dec 2022, 22:31
Great Britain

Re: HTTP being exposed via UPNP

Post by Gremlin »

Control Panel > Network > Discovery Service
F5-221 5.1.123, 8GB System Partition on 3 x 4TB Traid; 3TB EXT4
F2-221 TOS6 (Beta), 8GB System Partition on 2 x 6TB in Traid.
imilne
Posts: 13
Joined: 31 May 2023, 05:50

Re: HTTP being exposed via UPNP

Post by imilne »

Gremlin wrote: 31 May 2023, 06:31 Control Panel > Network > Discovery Service
All that (suggests) it does is advertise the NAS to your local network; certainly doesn't appear to be anything related to enabling remote access to it. Plus it was disabled anyway.
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: HTTP being exposed via UPNP

Post by TMroy »

I did not see where the problem is. 192.168.0.98 is your TNAS local IP address, port 5443 is the https connection port, and port 8181 is the http connection port. Without these two ports, you will not be able to access your TOS web UI.

Whether it is exposed to the Internet depends on whether you have port forwarded on the router. Only use your TNAS local IP address, other people cannot access it from the Internet.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
imilne
Posts: 13
Joined: 31 May 2023, 05:50

Re: HTTP being exposed via UPNP

Post by imilne »

That output is from the miniupnp log on my router, which shows that it's been asked to forward those ports - externally - to the internal 192.168.0.98 address. And as I said, if I don't specifically block this, then the NAS UI *is* visible when connecting externally because I've tested and confirmed that.

I see from searching that Terramaster has had this problem before (eg https://www.storagereview.com/news/terr ... -over-upnp). From what I'm seeing with my NAS...it's happening again!
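A way to audit the router-side mapping list quoted in this thread, added here as an example and not part of any post or of TerraMaster's or miniupnp's code: it parses the three lines from the first post and reports every forward whose internal target is not on an allow-list. The field layout (protocol, external port, internal address, internal port, timestamp, description) is read off those three lines, and the `EXPECTED` allow-list is an assumption for illustration.

```python
from dataclasses import dataclass

# The three mapping lines quoted in the first post (router-side miniupnp output).
SAMPLE = """\
TCP:5443:192.168.0.98:5443:1686088691:http_ssl
TCP:8181:192.168.0.98:8181:1686088691:http
TCP:26619:192.168.0.98:32400:1686088941:Plex Media Server
"""

# Assumption: forwards the owner actually wants, as (internal host, internal port).
EXPECTED = {("192.168.0.98", 32400)}


@dataclass(frozen=True)
class Mapping:
    proto: str
    ext_port: int
    int_addr: str
    int_port: int
    timestamp: int
    desc: str


def parse_line(line: str) -> Mapping:
    # Split on the first five colons only: the description is free text
    # chosen by the requesting device and may itself contain ':'.
    parts = line.strip().split(":", 5)
    if len(parts) != 6:
        raise ValueError(f"unrecognised mapping line: {line!r}")
    proto, eport, iaddr, iport, ts, desc = parts
    return Mapping(proto.upper(), int(eport), iaddr, int(iport), int(ts), desc)


def unexpected_mappings(text: str, expected=EXPECTED) -> list[Mapping]:
    """Return every mapping whose internal target is not on the allow-list."""
    found = []
    for line in text.splitlines():
        if not line.strip():
            continue  # tolerate blank lines in the dump
        m = parse_line(line)
        if (m.int_addr, m.int_port) not in expected:
            found.append(m)
    return found


if __name__ == "__main__":
    for m in unexpected_mappings(SAMPLE):
        print(f"unexpected: {m.proto} WAN:{m.ext_port} -> "
              f"{m.int_addr}:{m.int_port} ({m.desc})")
```

Matching on the internal host and port rather than the description matters because the description string is supplied by the device asking for the forward.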
Gremlin
Posts: 433
Joined: 02 Dec 2022, 22:31
Great Britain

Re: HTTP being exposed via UPNP

Post by Gremlin »

Sorry my earlier post did not assist you. I try and turn off upnp on every device in my network.
Just to be certain I just ran an Nmap scan and found only 2 devices utilising upnp. One is an old Sky satellite box and the other is a Now TV dongle neither of which are configurable. Certainly, I turn off upnp on my router anyway.

TNAS has upnp disabled (as earlier) and is certainly not a source of upnp as far as I am concerned.

I don't have plex enabled (or anything else of that nature at the moment).
Perhaps Plex itself is the culprit or maybe another service is using upnp despite the TNAS control panel setting.
Maybe try a scan of your network to see what is going on.
imilne
Posts: 13
Joined: 31 May 2023, 05:50

Re: HTTP being exposed via UPNP

Post by imilne »

PLEX uses upnp to request the port it wants open, and there's nothing unusual in that, but TOS *should not* be asking for ports to be opened for its own UI - that's where the problem lies. Obviously you still need a username and password to get in, but the UI should not - unless there was a specific option for it that the user has to pre-enable - be presenting itself to the wider internet. Other users who don't know their way around upnp (and will have it enabled because of things like xbox live) are going to get caught out by this.
imilne
Posts: 13
Joined: 31 May 2023, 05:50

Re: HTTP being exposed via UPNP

Post by imilne »

No more thoughts on this @Terramaster?

Let me reiterate:

TOS is sending UPNP broadcasts requesting that ports 5443 and 8181 are port forwarded to it, exposing its UI to the wider internet.
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: HTTP being exposed via UPNP

Post by TMroy »

We are verifying this issue, please wait.
imilne
Posts: 13
Joined: 31 May 2023, 05:50

Re: HTTP being exposed via UPNP

Post by imilne »

Happy to help in any way I can, eg providing logs, etc.